Vida Y Salud-Health Systems & Dublin Medical Center Confirm Data Breaches
Data breaches have recently been announced by Vida Y Salud-Health Systems in Crystal City, Texas, and Dublin Medical Center in Georgia.
Vida Y Salud-Health Systems, Texas
Vida Y Salud-Health Systems, a Crystal City, TX-based Federally Qualified Health Center, has recently reported a data breach to the Texas Attorney General involving unauthorized access to the protected health information of 34,504 Texas residents. On October 8, 2025, suspicious activity was identified within its network. The forensic investigation confirmed that an unauthorized third party gained access to its network on October 7, 2025, and exfiltrated data.
The investigation and data review have recently concluded, and it was confirmed that names, addresses, dates of birth, Social Security numbers, driver’s license numbers, account numbers, and claim numbers had been stolen. Vida Y Salud-Health Systems has notified the HHS’ Office for Civil Rights; however, the data breach is not currently shown on the OCR data breach portal, so it is unclear how many individuals in total have been affected. Vida Y Salud-Health Systems said steps have been taken to strengthen security to prevent similar breaches in the future, and the affected individuals have been offered complimentary credit monitoring and identity theft protection services.
Dublin Medical Center, Georgia
Dublin Medical Center in Georgia has recently started notifying individuals affected by an October 2025 cybersecurity incident. Suspicious activity was identified within its computer network on October 17, 2025. The substitute data breach notice on Dublin Medical Center’s website does not state when the unauthorized access started.
The review of the files on the affected parts of its network confirmed that patient data was compromised in the incident. The data types varied from individual to individual and may have included names in combination with some or all of the following: contact information, date of birth, patient status, provider name, diagnosis and treatment information, prescriptions, medical history, radiology imaging and reports, medical consent forms, lab reports, patient identification number, dates of service, and health insurance information.
The investigation is continuing; however, notification letters started to be mailed to the affected individuals on December 17, 2025. The affected individuals have been advised to remain vigilant against misuse of their data by reviewing their account statements, free credit reports, and explanation of benefits statements. The incident is not yet shown on the HHS’ Office for Civil Rights breach portal, so it is currently unclear how many individuals have been affected.
The post Vida Y Salud-Health Systems & Dublin Medical Center Confirm Data Breaches appeared first on The HIPAA Journal.
Consulting Radiologists Pays $2.2M to Settle Class Action Data Breach Litigation
A settlement has been approved to resolve class action data breach litigation against Consulting Radiologists Ltd., a physician-owned radiology practice that provides medical imaging services at more than 100 healthcare facilities in Minnesota and the surrounding areas.
The Consulting Radiologists data breach was reported to the HHS’ Office for Civil Rights on June 14, 2024, as involving the protected health information of up to 583,824 individuals. A network intrusion was identified on February 12, 2024, and the investigation confirmed that the network was accessed by an unauthorized third party who may have obtained patient data such as names, addresses, dates of birth, medical information, health insurance information, along with the Social Security numbers of 19,346 individuals.
The data breach was announced in April 2024, and notification letters were sent to the affected individuals. Shortly thereafter, a class action lawsuit was filed in response to the data breach, followed by a further 18 complaints. In August 2024, District Court Judge Thomas Conley issued an order to consolidate all complaints against Consulting Radiologists. The consolidated lawsuit – In re Consulting Radiologists Data Incident Litigation – was filed in the District Court of the 4th Judicial District Court of Hennepin County, Minnesota, on November 1, 2024.
The lawsuit claimed the data breach was the result of negligence and could have been prevented had reasonable and appropriate cybersecurity measures been implemented and maintained. The lawsuit alleged that Consulting Radiologists had violated the HIPAA Rules, including the HIPAA Security Rule, by failing to properly secure patient data and the HIPAA Breach Notification Rule due to the delay in issuing notifications to the affected individuals.
The lawsuit asserted claims of negligence, negligence per se, breach of contract, breach of implied contract, breach of third-party contract, breach of implied covenant of good faith and fair dealing, breach of fiduciary duty, breach of confidence, invasion of privacy/intrusion upon seclusion, unjust enrichment, and violations of the Minnesota Consumer Fraud Act and Minnesota Health Records Act.
Consulting Radiologists sought to have the lawsuit dismissed, and that attempt was partially successful; however, the court failed to dismiss the claims of negligence, negligence per se, unjust enrichment, injunctive/declaratory relief, and violations of the Minnesota Consumer Fraud Act and Minnesota Health Records Act. Following mediation and ongoing negotiations, a settlement was agreed to bring the litigation to an end, with no admission of liability or wrongdoing. Consulting Radiologists has agreed to pay $2,200,000 in aggregate to cover attorneys’ fees and expenses, settlement administration and notification costs, service awards for the 19 class representatives, and benefits to the class members.
Class members may claim up to three benefits under the settlement: A claim may be submitted for reimbursement of documented, unreimbursed losses due to the data breach up to a maximum of $5,000 per class member. Two years of single-bureau credit monitoring services may be claimed, and class members may also claim a cash payment. The cash payments depend on the types of data compromised in the incident, and are expected to be $125 for individuals whose Social Security numbers were involved, and $50 for all other class members. The cash payments are subject to a pro rata reduction to remain under the cap of $2,200,000.
The deadline for objection to and exclusion from the settlement is January 30, 2026. The deadline for submitting a claim is March 2, 2026, and the final fairness hearing has been scheduled for February 25, 2026. Further information can be found on the settlement website: https://www.crdatasettlement.com/
The post Consulting Radiologists Pays $2.2M to Settle Class Action Data Breach Litigation appeared first on The HIPAA Journal.
Upcoming HIPAA Compliance Deadline: HIPAA Notice of Privacy Practices Updates Required by February 16 – Proskauer Rose LLP
Mindcore Technologies Completes HIPAA Compliance Examination for ShieldHQ – Hattiesburg American
Mindcore Technologies Completes HIPAA Compliance Examination for ShieldHQ Hattiesburg American
Mindcore Technologies Completes HIPAA Compliance Examination for ShieldHQ – kitsapsun.com
Mindcore Technologies Completes HIPAA Compliance Examination for ShieldHQ – recordonline.com
FREE Webinar Next Week: 2025 HIPAA Breaches & Fines: What Went Wrong and Your 2026 Action Plan
In 2025, hundreds of healthcare data breaches exposed tens of millions of patient records — and the OCR enforcement record shows the same failures surfacing again and again: gaps in employee training, missing or unenforced policies, and inadequate vendor oversight. Whether you run a small practice or a large health system, the patterns are predictable. So are the fixes.
Join Liam Degnan, Healthcare Compliance Expert at Compliancy Group, for this HIPAA Journal exclusive deep dive into 2025’s most instructive breaches, fines, and settlements. You’ll leave with a concrete framework to close the gaps regulators consistently target — before they find you.
Webinar attendees will learn:
- 2025’s top violation patterns– The compliance failures OCR cited most and why they keep recurring
- The three highest-risk failure points – The most common HIPAA compliance failure points that lead directly to fines for medical practices
- How audits actually happen– How OCR and HHS identify weak compliance programs and what triggers enforcement actions
- Your 2026 compliance playbook – Practical steps to build a defensible, ongoing program, with or without a dedicated team
Why Attend?
This is an exclusive opportunity for readers of the HIPAA Journal to learn from the mistakes other healthcare organizations have made and avoid falling victim to the noncompliance issues that lead to regulatory fines and lawsuits.
Attendees will be provided with the information they need to create an action plan to ensure compliance in 2026 and beyond. Complete the form on this page to register your place, and make a note of the date and time in your diary.
WEBINAR DETAILS
2025 HIPAA Breaches & Fines: What Went Wrong and Your 2026 Action Plan
Date: Tuesday, April 28, 2026
Time: 1:00 p.m. ET | 12:00 p.m. CT | 11:00 a.m. MT | 10:00 a.m. PT
Format: Live webinar
Speaker: Liam Degnan, Director, Solutions Engineering
Liam Degnan brings more than eight years of experience in risk management, SaaS sales, and healthcare compliance. As Compliancy Group’s Senior Solutions Engineer, he advises healthcare decision-makers, healthcare providers, and medical vendors. He speaks on a variety of platforms and topics, with an emphasis on simplifying HIPAA, OSHA, SOC 2, and other healthcare compliance regulations.
The post FREE Webinar Next Week: 2025 HIPAA Breaches & Fines: What Went Wrong and Your 2026 Action Plan appeared first on The HIPAA Journal.